package jrun.security.authorization;

import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Principal;
import java.util.ArrayList;
import jrun.security.JRunSecurityException;
import jrun.security.JRunSecurityManager;
import jrun.security.JRunSecurityManagerService;
import jrun.security.SimplePrincipal;
import jrun.security.authorization.spi.AuthorizationItfc;
import jrun.security.authorization.spi.PolicyConfigurationFactoryItfc;
import jrun.security.authorization.spi.PolicyConfigurationItfc;
import jrunx.kernel.ServiceAdapter;
import jrunx.util.RB;

/* loaded from: input_file:jrun/security/authorization/JRunAuthorizationProvider.class */
public class JRunAuthorizationProvider extends ServiceAdapter implements JRunAuthorizationProviderMBean, AuthorizationItfc {
    private String AuthorizationPolicyStore;
    private String PolicyConfigurationFactoryName;
    private boolean LoadCache = true;
    private PolicyConfigurationFactoryItfc m_factory;
    private AuthorizationItfc m_agent;
    private JRunSecurityManager m_securityManager;

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public void setAuthorizationPolicyStore(String str) {
        this.AuthorizationPolicyStore = str;
    }

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public String getAuthorizationPolicyStore() {
        return this.AuthorizationPolicyStore;
    }

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public void setPolicyConfigurationFactoryName(String str) {
        this.PolicyConfigurationFactoryName = str;
    }

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public String getPolicyConfigurationFactoryName() {
        return this.PolicyConfigurationFactoryName;
    }

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public void setLoadCache(boolean z) {
        this.LoadCache = z;
    }

    @Override // jrun.security.authorization.JRunAuthorizationProviderMBean
    public boolean getLoadCache() {
        return this.LoadCache;
    }

    @Override // jrun.security.authorization.spi.AuthorizationProviderItfc
    public PolicyConfigurationFactoryItfc getPolicyConfigurationFactory() {
        return this.m_factory;
    }

    @Override // jrun.security.authorization.spi.AuthorizationProviderItfc
    public AuthorizationItfc getAuthorizationAgent() {
        return this.m_agent;
    }

    @Override // jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void init() throws Exception {
        this.m_factory = new JRunPolicyConfigurationFactory(getLoadCache(), getAuthorizationPolicyStore());
        this.m_agent = this;
    }

    @Override // jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void start() throws Exception {
        this.m_securityManager = getSecurityManager();
    }

    @Override // jrun.security.authorization.spi.AuthorizationItfc
    public boolean checkAuthorization(Principal principal, Permission permission) throws JRunSecurityException {
        boolean z = false;
        if (permission instanceof JRunSecurityPermission) {
            z = doJRunAuthorization(principal, (JRunSecurityPermission) permission);
        } else {
            AccessController.checkPermission(permission);
        }
        return z;
    }

    protected boolean doJRunAuthorization(Principal principal, JRunSecurityPermission jRunSecurityPermission) throws JRunSecurityException {
        boolean z = true;
        String policyContextId = jRunSecurityPermission.getPolicyContextId();
        if (policyContextId == null || policyContextId.equalsIgnoreCase("UNKNOWN")) {
            policyContextId = "JRUN_GLOBAL_POLICY";
        }
        PolicyConfigurationItfc policyConfiguration = this.m_factory.getPolicyConfiguration(policyContextId);
        if (policyConfiguration != null && !policyConfiguration.isUnckeckedPermission(jRunSecurityPermission)) {
            int i = 2;
            if (principal == null) {
                throw new JRunSecurityException(RB.getString(this, "JRunSecurityManagerService.PrincipalNull"));
            }
            if ((principal instanceof SimplePrincipal) && ((SimplePrincipal) principal).getType().equalsIgnoreCase(SimplePrincipal.ROLE)) {
                i = 1;
            }
            PermissionCollection permissions = policyConfiguration.getPermissions(principal.getName(), i);
            if (permissions != null) {
                z = permissions.implies(jRunSecurityPermission);
            } else if (i != 2 || JRunSecurityManagerService.DEFAULT_USER_PRINCIPAL.equalsIgnoreCase(principal.getName())) {
                z = false;
            } else {
                ArrayList roles = policyConfiguration.getRoles(jRunSecurityPermission);
                z = (roles == null || roles.size() <= 0) ? false : this.m_securityManager.isPrincipalInRole(principal, roles, null);
            }
        }
        return z;
    }

    private final JRunSecurityManager getSecurityManager() throws JRunSecurityException {
        try {
            JRunSecurityManager jRunSecurityManager = (JRunSecurityManager) invokeMethod(findObjectInstance(ServiceAdapter.SECURITY_MANAGER, true).getObjectName(), "getJRunSecurityManager", null, null);
            if (jRunSecurityManager == null) {
                getLogger().logError(RB.getString(this, "JRunAuthorizationProvider.LookupFailed", ServiceAdapter.SECURITY_MANAGER));
            }
            return jRunSecurityManager;
        } catch (Exception e) {
            throw new JRunSecurityException(e.getMessage());
        }
    }
}
